Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-21706

CLIENT_NO_SCHEMA: `GRANT..ON db.table..` changes the explicit database to the current

    XMLWordPrintable

    Details

      Description

      When the CLIENT_NO_SCHEMA client capability flag is set, GRANT commands remove the explicitly given database name and replace it to the current database.

      Normally it can be reproduced when an ODBC DSN has the NO_SCHEMA=1 parameter, but it can also be reproduced using a command line with debugger.

      How to reproduce with a debugger

      Set a break point inside prepare_new_connection_state() in your debugger, e.g.:

      (gdb) b prepare_new_connection_state
      

      Continue the server execution in the debugger.

      Start a new command line client as a super-user. When the execution reaches the breakpoint, add the CLIENT_NO_SCHEMA bit into thd->client_capabilities, e.g.:

      (gdb) set thd->client_capabilities= thd->client_capabilities | CLIENT_NO_SCHEMA
      

      and continue the execution.

      Run the following script in the client:

      USE mysql;
      DROP TABLE IF EXISTS test.user;
      CREATE TABLE test.user (a INT);
      DROP USER IF EXISTS user1@localhost;
      CREATE USER user1@localhost;
      GRANT SELECT ON test.user TO user1@localhost;
      SHOW GRANTS FOR user1@localhost;
      

      The output is:

      +-------------------------------------------------------+
      | Grants for user1@localhost                            |
      +-------------------------------------------------------+
      | GRANT USAGE ON *.* TO 'user1'@'localhost'             |
      | GRANT SELECT ON `mysql`.`user` TO 'user1'@'localhost' |
      +-------------------------------------------------------+
      

      It looks wrong. The GRANT command was supposed to add the privilege on the table test.user, but it added the privilege on the table mysql.user instead, where mysql is the current database.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              bar Alexander Barkov
              Reporter:
              bar Alexander Barkov
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated: